Pfsense XSS Vuln - Where is fix?
-
Yesterday I read about a XSS Vulnerability in pfsense 2.7.2. The article mentioned that netgate fixed it in 2.8, but buth pfsense installations of mine don't offer 2.8.
Any ideas?
-
@toddehb said in Pfsense XSS Vuln - Where is fix?:
Any ideas?
Install System_Patches 2.2.10_1 and apply the recommended Patches .
-
You have a link to where you read it?
-
@stephenw10 said in Pfsense XSS Vuln - Where is fix?:
You have a link to where you read it?
https://www.heise.de/news/Cross-Site-Scripting-Sicherheitsluecken-in-pfSense-ermoeglichen-Admin-Cookieklau-9696756.html
-
Oh, right, yes apply the patch as it says in the instructions in the SA.
Users on pfSense Plus version 23.09.1 and pfSense CE version 2.7.2 may apply the fix from the recommended patches list in the System Patches package.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.